MS plugs 'moderate' Exchange vuln

Microsoft's patch train rolled into town last night with one solitary occupant. After the release of XP SP2 last Friday it's just as well that the only extra thing sysadmins have to contend with is a not-especially devastating vulnerability involving Exchange.

Microsoft has issued a patch which aims to address a cross-site scripting and spoofing vulnerability in Outlook Web Access feature of Exchange Server 5.5. This flaw could be exploited to trick a user into running a malicious script, which would run in the security context of a user. It may also be possible to exploit the flaw to manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches.

Redmond describes the vulnerability as moderate, way below the dreaded critical and important designations on its peril index. The alternative workaround is to disable Outlook Web Access, the service that allows users to access their Exchange mailbox through a browser